What is a Hertzbleed computer chip hack and should you worry?

A new hack known as Hertzbleed can remotely read data snippets from computer chips, potentially making cryptography algorithms vulnerable to attack.

The Hertzbleed attack, a newly identified attack that can be used to extract information from computer chips, has captured the interest of tech security researchers — and tech news sites. Here's what you need to know about the story.

What is Hertzbleed?

It is a new computer hack that takes advantage of a common power-saving feature of modern computer chips to steal sensitive data. It has been demonstrated in the lab and could be used by hackers in the wild.

Most chips use a technology called dynamic frequency scaling, or CPU throttling, to increase or decrease the speed at which they execute instructions. Ramping CPU power up and down to match demand makes chips more efficient.

In the past, hackers have shown that they can read these power signatures and learn things about the data being processed. This could give them a foothold to break into a machine.

What does it mean to you?

The team behind Hertzbleed found that you can do something similar remotely by watching carefully to see how quickly a computer completes certain operations and then using that information to determine how the CPU is currently throttling. Proving that such attacks can be carried out remotely makes the problem more serious because remote attacks are easier for hackers to perform.

Intel declined an interview request by New Scientist but said in a security warning that all of its chips are vulnerable to attack. With such an attack, the company said, "it may be possible to infer bits of information through sophisticated analysis."

AMD, which shares chip architecture with Intel, has also issued a security alert listing several mobile, desktop, and server chips as vulnerable to attack. The company did not respond to a request for comment.

New Scientist also contacted chip maker ARM, but it did not answer questions about whether it was working to avoid similar problems with its own chips.

One of the main issues is that even if your personal devices aren't affected, you can still fall victim to Hertzbleed. Thousands of servers all over the world store and process your data, archive it, and run the services you rely on every day. Any of these may run on hardware that is vulnerable to Hertzbleed.

According to Intel, stealing even a small amount of data can take "hours to days," so Hertzbleed is more likely to leak small snippets of data rather than large files, email conversations, and the like. But if that snippet of data is something like an encryption key, the impact can be significant. "Hertzbleed represents a real and practical threat to the security of crypto software," the researchers who discovered the flaw say on their website.

How was it discovered?

Hertzbleed was created by a group of researchers from the University of Texas at Austin, the University of Illinois at Urbana-Champaign, and the University of Washington in Seattle. They say they disclosed their discovery to Intel in the third quarter of last year, but the company asked that it be kept quiet until May of this year — a common request designed to allow the company to fix a flaw before it becomes public knowledge.

Intel then allegedly requested an extension until June 14, but it appears they have not released any solution to the problem. AMD was made aware of the issue in the first quarter of this year.
Details of the vulnerability have now been published in a paper on the researchers' website and will be presented later this summer at the USENIX Security Symposium.

"Power side-channel attacks have long been known, but this is a worrying development for the art," says Alan Woodward of the University of Surrey, UK. "The story of its discovery and how it was kept secret should serve as a warning about what else might be out there."

Can it be fixed?

Neither Intel nor AMD is releasing patches to fix the problem, the researchers claim on their website. Neither company responded to New Scientist's questions.

When attacks that monitored changes in chip speed or frequency were first discovered in the late 1990s, there was a popular solution: write code that uses only "constant time" instructions, that is, instructions that take the same amount of time to carry out regardless of what data is being processed. This prevented an observer from gaining knowledge that would help them read the data. But Hertzbleed can get around this strategy, and it can be carried out remotely.

Since this attack relies on the normal operation of a chip feature, not a bug, it can be difficult to fix. The researchers say the solution is to turn off the CPU throttling feature on all chips, globally, but caution that doing so will "significantly affect performance" and that it may not be possible to turn off frequency changes completely on some chips.

Am I affected by Hertzbleed?

Yes, most likely.

The Intel security advisory states that all Intel processors are affected. We experimentally confirmed that many Intel processors are affected, including desktop and laptop models from the 8th to the 11th generation microarchitecture.

The AMD security advisory states that many desktop, mobile, and server processors are affected. We experimentally confirmed that AMD Ryzen processors are affected, including desktop and laptop models of the Zen 2 and Zen 3 microarchitectures.

Other processor vendors (e.g., ARM) also implement frequency scaling in their products and were made aware of Hertzbleed. However, we have not confirmed whether or not they are affected by Hertzbleed.

What is the impact of Hertzbleed?

First, Hertzbleed shows that on modern x86 CPUs, power side-channel attacks can be converted into timing attacks (even remote ones!), which removes the need for any power-measurement interface. The reason is that under certain conditions, periodic CPU frequency adjustments depend on the current CPU power consumption, and these adjustments directly translate into execution time differences (since 1 hertz = 1 cycle per second).

Second, Hertzbleed demonstrates that even when implemented correctly as constant time, cryptographic code can still leak via remote timing analysis. The result is that current industry guidelines for how to write constant-time code (such as Intel's) are insufficient to guarantee constant-time execution on modern processors.

Should I be worried?

If you are a regular user and not a cryptography engineer, you probably don't need to apply a patch or change any configurations at this time. If you are a cryptography engineer, read on. Also, if you are running a SIKE decapsulation server, be sure to deploy the mitigation described below.

Is there a CVE assigned to Hertzbleed?

Yes. Hertzbleed is tracked under CVE-2022-23823 and CVE-2022-24436 in the Common Vulnerabilities and Exposures (CVE) system.

Is Hertzbleed a bug?

No. The root cause of Hertzbleed is dynamic frequency scaling, a feature of modern processors used to reduce power consumption (during low CPU loads) and to ensure the system stays below power and thermal limits (during high CPU loads).

When was Hertzbleed disclosed?

We disclosed our findings, along with proof-of-concept code, to Intel, Cloudflare, and Microsoft in the third quarter of 2021 and to AMD in the first quarter of 2022. Intel originally requested that our results be subject to embargo until May 10, 2022. Subsequently, Intel requested a significant extension of this embargo, and we coordinated with them on public disclosure of our findings on June 14, 2022.

Do Intel and AMD plan to release microcode patches to mitigate Hertzbleed?

No, to our knowledge, Intel and AMD do not plan to publish any microcode patches to mitigate Hertzbleed. However, Intel does provide guidelines for mitigating Hertzbleed in software. Cryptographic developers may choose to follow Intel's guidelines to strengthen their libraries and applications against Hertzbleed. For more information, we refer to the official security guidelines (Intel and AMD).

Why did Intel request a long embargo, considering that it is not publishing patches?

Ask Intel.

Is there a workaround?

Technically, yes. However, it has a significant impact on system-wide performance.

In most cases, a workload-independent workaround to mitigate Hertzbleed is to disable frequency boost. Intel calls this feature "Turbo Boost," and AMD calls it "Turbo Core" or "Precision Boost." Frequency boost can be disabled either through the BIOS or at boot time via the frequency scaling driver.

In our experiments, when frequency boost was disabled, the frequency remained constant at the base frequency during the execution of the workload, preventing leakage through Hertzbleed. However, this is not a recommended mitigation strategy as it will greatly affect performance. Furthermore, on some custom system configurations (with lower power limits), data-dependent frequency updates may occur even when frequency boost is disabled.
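
A read-only audit of the boost setting discussed above, as an added example (not code from the researchers, Intel or AMD). It assumes a Linux host; the sysfs attributes `intel_pstate/no_turbo`, `cpufreq/boost` and `base_frequency` are Linux cpufreq names that do not appear on the page, and which of them exist depends on the active frequency scaling driver.

```sh
#!/bin/sh
# Added example: read-only audit of CPU frequency boost on a Linux host.
# Assumed Linux sysfs attributes (not named on the page):
#   intel_pstate/no_turbo        1 = boost disabled (intel_pstate driver)
#   cpufreq/boost                0 = boost disabled (acpi-cpufreq and others)
#   cpuN/cpufreq/base_frequency  base clock in kHz (only some drivers expose it)

# boost_state [ROOT] -> prints "disabled", "enabled" or "unknown"
boost_state() (
    root=${1:-/sys/devices/system/cpu}
    if [ -r "$root/intel_pstate/no_turbo" ]; then
        case $(cat "$root/intel_pstate/no_turbo") in
            1) echo disabled ;; 0) echo enabled ;; *) echo unknown ;;
        esac
    elif [ -r "$root/cpufreq/boost" ]; then
        case $(cat "$root/cpufreq/boost") in
            0) echo disabled ;; 1) echo enabled ;; *) echo unknown ;;
        esac
    else
        echo unknown
    fi
)

# cores_above_base [ROOT] -> prints each core whose current clock exceeds its
# base clock. This is one snapshot; sample repeatedly under load for evidence.
cores_above_base() (
    root=${1:-/sys/devices/system/cpu}
    for dir in "$root"/cpu[0-9]*/cpufreq; do
        [ -r "$dir/scaling_cur_freq" ] && [ -r "$dir/base_frequency" ] || continue
        cur=$(cat "$dir/scaling_cur_freq")
        base=$(cat "$dir/base_frequency")
        if [ "$cur" -gt "$base" ]; then
            basename "$(dirname "$dir")"
        fi
    done
)

# Report for the local machine (prints "unknown" where no knob is exposed).
echo "frequency boost: $(boost_state)"
above=$(cores_above_base)
if [ -n "$above" ]; then
    echo "cores currently above base frequency:" $above
fi
```

A "disabled" result only reports the boost setting; as noted above, configurations with lower power limits may still see data-dependent frequency updates.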

What is SIKE?

SIKE (Supersingular Isogeny Key Encapsulation) is a ten-year-old, extensively studied key encapsulation mechanism. It is currently a finalist in NIST's Post-Quantum Cryptography competition. It has multiple industrial implementations and has been the subject of an in-the-wild deployment experiment. Among its purported advantages is its "well-understood" side-channel posture. You can find author names, implementations, talks, studies, articles, security analyses, and more about SIKE on its official website.

What is a key encapsulation mechanism?

A key encapsulation mechanism is a protocol used for the secure exchange of a symmetric key using asymmetric (public key) cryptography.

How did Cloudflare and Microsoft mitigate the attack on SIKE?

Cloudflare and Microsoft have published the mitigation suggested by De Feo et al. (who, while our paper was under the long Intel embargo, independently rediscovered how to exploit anomalous 0s in SIKE for power side channels). The mitigation consists of verifying, before decapsulation, that the ciphertext consists of a pair of linearly independent points of the correct order. The mitigation adds a decapsulation performance overhead of 5% for CIRCL and 11% for PQCrypto-SIDH.

Is my constant-time cryptographic library affected?

Affected? Yes, most likely. Vulnerable? Maybe.

Your constant-time cryptographic library may be vulnerable if it is subject to secret-dependent power leakage, and this leakage extends over enough operations to cause secret-dependent changes in CPU frequency. Future work is needed to systematically study which cryptosystems can be exploited via the new Hertzbleed side channel.
